- From: Anders Rundgren <anders.rundgren@telia.com>
- Date: Thu, 8 Apr 2010 22:31:26 +0200
- To: "Frederick Hirsch" <Frederick.Hirsch@nokia.com>
- Cc: "Frederick Hirsch" <Frederick.Hirsch@nokia.com>, "Satoru Kanno" <kanno.satoru@po.ntts.co.jp>, <public-xmlsec-comments@w3.org>, <kanda.masayuki@lab.ntt.co.jp>, "XMLSec WG Public List" <public-xmlsec@w3.org>
Absolutely! I wasn't aware of this document actually... Regards, Anders ----- Original Message ----- From: "Frederick Hirsch" <Frederick.Hirsch@nokia.com> To: "ext Anders Rundgren" <anders.rundgren@telia.com> Cc: "Frederick Hirsch" <Frederick.Hirsch@nokia.com>; "Satoru Kanno" <kanno.satoru@po.ntts.co.jp>; <public-xmlsec-comments@w3.org>; <kanda.masayuki@lab.ntt.co.jp>; "XMLSec WG Public List" <public-xmlsec@w3.org> Sent: Thursday, April 08, 2010 22:23 Subject: Re: Comment for the latest Working Draft of Encryption 1.1 Does the "XML Security Algorithm Cross-Reference" not serve this need, while avoiding duplication of definitions? http://www.w3.org/2008/xmlsec/Drafts/xmlsec-algorithms/Overview.html regards, Frederick Frederick Hirsch Nokia On Apr 8, 2010, at 5:28 AM, ext Anders Rundgren wrote: > I strongly support the idea of a limited set of MANDATORY algorithms > but I would not feel too awkward about having an appendix with > (non-normative) extension objects that could contain Camellia. > > It is not perfect but it is a least best better than nothing and > for an implementer it gives about the same results :-) > (I'm an implementer...) > > Anders > http://webpki.org/auth-token-4-the-cloud.html > > Satoru Kanno wrote: >> Dear Frederick, >> >> We strongly appreciated your discussing again for Camellia cipher. >> Although we can understand your resolution, we greatly expected to >> add >> Camellia cipher to XML Encryption 1.1 because there are XML >> encryption >> products loading Camellia, e.g., XSECT Library of IAIK-Java. >> >> Anyway, we wish Camellia to be implemented in XML Encryption library >> as well as AES. >> If so in the future, we hope to discuss the adoption of Camellia into >> XML Encryption again. >> >> Best regards, >> Satoru >> >> >> (2010/04/07 8:42), Frederick Hirsch wrote: >>> Satoru >>> >>> The XML Security WG discussed your original request to add the >>> Camelia >>> cipher to XML Encryption 1.1 on 16 June 2009 [1] after you raised it >>> last year [2]. At that time the Working Group (WG) decided not to >>> add >>> this additional algorithm to the XML Encryption 1.1 specification, >>> but >>> to include it in the XML Security Algorithms Cross Reference [3]. We >>> documented the decision to add it to the cross-reference but did not >>> formally make a resolution to not add it to XML Encryption 1.1 At >>> the 30 >>> March 2010 teleconference the WG re-affirmed its previous decision >>> and >>> made a formal resolution not to add Camelia to XML Encryption 1.1, >>> to >>> document the decision for the record [4]. >>> >>> The reason the WG decided not to include this algorithm in the XML >>> Encryption 1.1 specification itself has not changed. The rationale >>> is >>> that the XML Encryption 1.1 specification itself should include a >>> minimum set of algorithm definitions and rely on extension points to >>> allow additional algorithms. There are two reasons for this. First, >>> algorithms included in the specification should have wide >>> implementation >>> support as evidenced by interop testing performed during the >>> development >>> of the specification, and adding additional algorithms has a WG >>> cost in >>> terms of formally testing interoperability. Secondly, including >>> additional algorithms imposes additional costs and requirements on >>> developers. >>> >>> However, since XML Encryption 1.1 is extensible, adoption of >>> Camelia is >>> possible with it. To enable this and facilitate the discovery of >>> information about algorithms the WG has created the XML Security >>> Algorithms Cross Reference and has included Camelia in it. >>> >>> Unless we have new arguments for adding this algorithm suite to >>> the XML >>> Encryption 1.1 we shall consider this issue closed (ISSUE-195 and >>> ISSUE-134). >>> >>> Thank you. >>> >>> regards, Frederick >>> >>> Frederick Hirsch, Nokia >>> Chair XML Security WG >>> >>> [1] http://www.w3.org/2009/06/16-xmlsec-minutes.html#item09 >>> >>> [2] ISSUE-134 , http://www.w3.org/2008/xmlsec/track/issues/134 >>> >>> [3] http://www.w3.org/TR/2010/WD-xmlsec-algorithms-20100316/ >>> >>> [4] http://www.w3.org/2010/03/30-xmlsec-minutes.html >>> >>> >>> >>> On Mar 18, 2010, at 12:20 AM, ext Satoru Kanno wrote: >>> >>>> Hi, Folks >>>> >>>> We have a comment for the latest Working Draft of Encryption 1.1. >>>> >>>> We strongly think that the Camellia cipher should be adopted >>>> by not only Cross-Reference but also XML Encryption 1.1. >>>> Because the Camellia cipher is described in RFC4051, which is >>>> Standard >>>> track RFC. >>>> >>>> Does this have any problems? >>>> >>>> Of course, current Cross-Reference document already includes the >>>> Camellia cipher. >>>> >>>> For your information, Camellia has been already adopted in TLS, >>>> IPsec, S/MIME, OpenPGPG, Kerberos (plans), and other standards. >>>> In addition, as open source software, Camellia is loaded to >>>> OpenSSL, >>>> Firefox, Linux, FreeBSD, MIT Kerberos KRB5 (scheduled), and so on. >>>> For more information on Camellia cipher, please see at; >>>> http://info.isl.ntt.co.jp/crypt/eng/camellia/index.html >>>> >>>> Best regards, >>>> >>>> -- >>>> Satoru Kanno >>>> >>>> Security Business Unit >>>> Mobile and Security Solution Business Group >>>> NTT Software Corporation >>>> >>>> e-mail: kanno.satoru@po.ntts.co.jp >>>> >>>> >>>> >>> >>> >>> >> >> >
Received on Thursday, 8 April 2010 20:32:04 UTC